BC-SECURITY · vinnybod · Jan 31, 2024 · Jan 31, 2024 · Jan 31, 2024 · Jan 31, 2024
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -14,6 +14,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [5.9.2] - 2024-01-31
+-   Updated Starkiller to v2.7.2
+
+### Fixed
+
+-   Fixed the ForeignKeyConstraint error when refreshing a directory that contains a file with a linked Download (@Vinnybod)
+-   Downgraded bcrypt to version 4.0.1 to resolve issue in passlib (@Cx01N)
+
 ## [5.9.1] - 2024-01-25
 
 ### Changed
@@ -768,7 +776,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 -   Updated shellcoderdi to newest version (@Cx01N)
 -   Added a Nim launcher (@Hubbl3)
 
-[Unreleased]: https://github.com/BC-SECURITY/Empire-Sponsors/compare/v5.9.1...HEAD
+[Unreleased]: https://github.com/BC-SECURITY/Empire-Sponsors/compare/v5.9.2...HEAD
+
+[5.9.2]: https://github.com/BC-SECURITY/Empire-Sponsors/compare/v5.9.1...v5.9.2
 
 [5.9.1]: https://github.com/BC-SECURITY/Empire-Sponsors/compare/v5.9.0...v5.9.1
 

diff --git a/empire/server/common/agents.py b/empire/server/common/agents.py
@@ -569,12 +569,18 @@ def update_dir_list(self, session_id, response, db: Session):
         """
         if session_id in self.agents:
             # get existing files/dir that are in this directory.
-            # delete them and their children to keep everything up to date. There's a cascading delete on the table.
+            # delete them and their children to keep everything up to date.
+            # There's a cascading delete on the table.
+            # If there are any linked downloads, the association will be removed.
+            # This function could be updated in the future to do updates instead
+            # of clearing the whole tree on refreshes.
             this_directory = (
                 db.query(models.AgentFile)
                 .filter(
-                    and_(models.AgentFile.session_id == session_id),
-                    models.AgentFile.path == response["directory_path"],
+                    and_(
+                        models.AgentFile.session_id == session_id,
+                        models.AgentFile.path == response["directory_path"],
+                    ),
                 )
                 .first()
             )

diff --git a/empire/server/common/empire.py b/empire/server/common/empire.py
@@ -38,7 +38,7 @@
 
 from . import agents, credentials, listeners, stagers
 
-VERSION = "5.9.1 BC Security Fork"
+VERSION = "5.9.2 BC Security Fork"
 
 log = logging.getLogger(__name__)
 

diff --git a/empire/server/config.yaml b/empire/server/config.yaml
@@ -47,7 +47,7 @@ starkiller:
   repo: https://github.com/BC-SECURITY/Starkiller.git
   directory: empire/server/api/v2/starkiller
   # Can be a branch, tag, or commit hash
-  ref: v2.7.1
+  ref: v2.7.2
   auto_update: true
 plugins:
   # Auto-load plugin with defined settings

diff --git a/empire/server/core/db/models.py b/empire/server/core/db/models.py
@@ -61,7 +61,7 @@ def get_database_config():
 agent_file_download_assc = Table(
     "agent_file_download_assc",
     Base.metadata,
-    Column("agent_file_id", Integer, ForeignKey("agent_files.id")),
+    Column("agent_file_id", Integer, ForeignKey("agent_files.id", ondelete="CASCADE")),
     Column("download_id", Integer, ForeignKey("downloads.id")),
 )
 

diff --git a/empire/test/test_agents.py b/empire/test/test_agents.py
@@ -1,10 +1,13 @@
 import logging
 import time
 from datetime import datetime, timedelta, timezone
+from pathlib import Path
 
 import pytest
 from sqlalchemy.exc import IntegrityError
 
+from empire.server.common.empire import MainMenu
+
 log = logging.getLogger(__name__)
 
 
@@ -220,3 +223,89 @@ def test_can_ignore_duplicate_checkins(session_local, models, agent, main):
         checkin_count = len(db_agent.checkins.all())
 
         assert checkin_count == prev_checkin_count + 1
+
+
+def test_update_dir_list(session_local, models, agent, main: MainMenu):
+    with session_local.begin() as db:
+        message = {
+            "directory_path": "C:\\",
+            "directory_name": "C:\\",
+            "items": [
+                {
+                    "path": "C:\\Users\\vinnybod\\Desktop\\test.txt",
+                    "name": "test.txt",
+                    "is_file": True,
+                },
+                {
+                    "path": "C:\\Users\\vinnybod\\Desktop\\test2.txt",
+                    "name": "test2.txt",
+                    "is_file": True,
+                },
+            ],
+        }
+        main.agents.update_dir_list(agent, message, db)
+
+        file, _ = main.agentfilesv2.get_file_by_path(
+            db, agent, "C:\\Users\\vinnybod\\Desktop\\test.txt"
+        )
+
+        assert file.path == "C:\\Users\\vinnybod\\Desktop\\test.txt"
+        assert file.name == "test.txt"
+        assert file.is_file is True
+        assert file.parent_id is not None
+
+        db.query(models.AgentFile).delete()
+
+
+def test_update_dir_list_with_existing_joined_file(
+    session_local, models, agent, main: MainMenu, empire_config
+):
+    with session_local.begin() as db:
+        message = {
+            "directory_path": "C:\\",
+            "directory_name": "C:\\",
+            "items": [
+                {
+                    "path": "C:\\Users\\vinnybod\\Desktop\\test.txt",
+                    "name": "test.txt",
+                    "is_file": True,
+                },
+                {
+                    "path": "C:\\Users\\vinnybod\\Desktop\\test2.txt",
+                    "name": "test2.txt",
+                    "is_file": True,
+                },
+            ],
+        }
+        main.agents.update_dir_list(agent, message, db)
+
+        file, _ = main.agentfilesv2.get_file_by_path(
+            db, agent, "C:\\Users\\vinnybod\\Desktop\\test.txt"
+        )
+
+        download_path = Path("empire/test/avatar.png")
+        file.downloads.append(
+            models.Download(
+                location=str(download_path.absolute()),
+                filename=download_path.name,
+                size=download_path.stat().st_size,
+            )
+        )
+
+        # This previously raised a Foreign Key Constraint error, but should succeed now.
+        main.agents.update_dir_list(agent, message, db)
+
+        file2, _ = main.agentfilesv2.get_file_by_path(
+            db, agent, "C:\\Users\\vinnybod\\Desktop\\test.txt"
+        )
+
+        if empire_config.database.use != "sqlite":
+            # sqlite reuses ids and apparently doesn't cascade the delete to the
+            # association table. This can result in files being linked to the wrong
+            # download after refreshing a directory for sqlite.
+            assert file.id != file2.id
+            assert len(file2.downloads) == 0
+
+        assert file.name == file2.name
+
+        db.query(models.AgentFile).delete()